주요정보통신기반시설 기술적 취약점 분석 평가 상세 가이드

다운로드 (한국인터넷진흥원)_주요정보통신기반시설_기술적_취약점_분석_평가_상세_가이드_(2017).pdf

기술적 취약점 분석ㆍ평가 방법 상세가이드

Ⅰ. 개요 ······················································ 1
1. 개요 ·························································· 3
2. 목적 및 구성 ············································ 3
Ⅱ. 보안가이드라인 ····································· 5

UNIX 서버
기본/선택
1. 계정 관리 ····································· 11/ 93
2. 파일 및 디렉토리 관리 ················· 24/114
3. 서비스 관리 ································· 45/122
4. 패치 관리 ···································· 88
5. 로그 관리 ····································· 92/145
부록 ··············································· 149

윈도우즈 서버
기본/선택
1. 계정 관리 ··································· 165/246
2. 서비스 관리 ······························· 175/266
3. 패치 관리 ··································· 225/287
4. 로그 관리 ··································· 227/290
5. 보안 관리 ··································· 229/293
6. DB 관리 ············································ 311

보안장비
기본/선택
1. 계정 관리 ··································· 319/340
2. 접근 관리 ·································· 325
3. 패치 관리 ·································· 328
4. 로그 관리 ·········································· 341
5. 기능 관리 ··································· 330/348

네트워크 장비
기본/선택
1. 계정 관리 ··································· 355/386
2. 접근 관리 ··································· 362/390
3. 패치 관리 ·································· 367
4. 로그 관리 ·········································· 396
5. 기능 관리 ··································· 369/405

제어시스템
기본/선택
1. 계정 관리 ·································· 431
2. 패치 관리 ·································· 437
3. 접근 통제 ·································· 439
4. 보안 관리 ··································· 450/465

PC
기본/선택
1. 계정 관리 ··································· 481/520
2. 서비스 관리 ······························· 487/522
3. 패치 관리 ·································· 498
4. 보안 관리 ··································· 506/529

DBMS
기본/선택
1. 계정 관리 ··································· 541/573
2. 접근 관리 ··································· 553/578
3. 옵션 관리 ··································· 561/587
4. 패치 관리 ··································· 565/595
5. 로그 관리 ·········································· 597

웹(WEB)
1. 버퍼 오버플로우 ······························· 603
2. 포맷스트링 ········································ 605
3. LDAP 인젝션 ··································· 607
4. 운영체제 명령 실행 ·························· 609
5. SQL 인젝션 ······································ 611
6. SSI 인젝션 ······································· 620
7. XPath 인젝션 ··································· 622
8. 디렉터리 인덱싱 ······························· 624
9. 정보 누출 ········································· 629
10. 악성 콘텐츠 ···································· 632
11. 크로스사이트 스크립트 ··················· 633
12. 약한 문자열 강도 ··························· 638
13. 불충분한 인증 ································· 640
14. 취약한 패스워드 복구 ····················· 642
15. 크로스사이트 리퀘스트 변조(CSRF) 644
16. 세션 예측 ······································· 646
17. 불충분한 인가 ································· 648
18. 불충분한 세션 만료 ························ 650
19. 세션 고정 ······································· 653
20. 자동화 공격 ···································· 654
21. 프로세스 검증 누락 ························ 656
22. 파일 업로드 ···································· 659
23. 파일 다운로드 ································· 667
24. 관리자 페이지 노출 ························ 672
25. 경로 추적 ······································· 675
26. 위치 공개 ······································· 677
27. 데이터 평문 전송 ··························· 679
28. 쿠키 변조 ······································· 681